Package org.parosproxy.paros.core.scanner

Examples of org.parosproxy.paros.core.scanner.Alert


        public void valueChanged(javax.swing.event.TreeSelectionEvent e) {
            DefaultMutableTreeNode node = (DefaultMutableTreeNode) treeAlert.getLastSelectedPathComponent();
            if (node.getUserObject() != null) {
                Object obj = node.getUserObject();
                if (obj instanceof Alert) {
                    Alert alert = (Alert) obj;
                setMessage(alert.getMessage());

                }
            }
        }
      });
View Full Code Here


      Vector v = tableAlert.getAlertListBySession(session.getSessionId());
     
      for (int i=0; i<v.size(); i++) {
          int alertId = ((Integer) v.get(i)).intValue();
          RecordAlert recAlert = tableAlert.read(alertId);
          Alert alert = new Alert(recAlert);
          addAlertToDisplay(alert);
      }
  }
View Full Code Here

            if (child.toString().equals(nodeName)) {
                if (child.getUserObject() == null) {
                    return null;
                }
               
                Alert tmp = (Alert) child.getUserObject();

                if (tmp.getParam().equals(alert.getParam())) {;
                  return child;
                }
            }
        }
        return null;
View Full Code Here

              }
              AlertNode node = (AlertNode) obj;
              if (node.getUserObject() != null) {
                  obj = node.getUserObject();
                  if (obj instanceof Alert) {
                      Alert alert = (Alert) obj;
                      msg = alert.getMessage();
                     
                  } else {
                      return;
                  }
              }
View Full Code Here

            psAlert.setInt(1, recordScan.getScanId());
            psAlert.executeQuery();
            ResultSet rs = psAlert.getResultSet();

            RecordAlert recordAlert = null;
            Alert alert = null;
            Alert lastAlert = null;

            StringBuffer sbURLs = new StringBuffer(100);
            String s = null;
           
            // get each alert from table
            while (rs.next()) {
                int alertId = rs.getInt(1);
                recordAlert = db.getTableAlert().read(alertId);
                alert = new Alert(recordAlert);

                if (lastAlert != null && alert.getPluginId() != lastAlert.getPluginId()) {
                    s = lastAlert.toPluginXML(sbURLs.toString());
                    sb.append(s);
                    sbURLs.setLength(0);
                }

                s = alert.getUrlParamXML();
                sbURLs.append(s);

                lastAlert = alert;

            }

            if (lastAlert != null) {
                sb.append(lastAlert.toPluginXML(sbURLs.toString()));
            }
               

           
        } catch (SQLException e) {
View Full Code Here

    }
   
  }

  private void raiseAlert(HttpMessage msg, int id, String cacheControl) {
      Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          getName());
          alert.setDetail(
              "The cache-control and pragma HTTP header have not been set properly allowing the browser and proxies to cache content",
              msg.getRequestHeader().getURI().toString(),
              cacheControl,
              "", "",
              "Whenever possible ensure the cache-control HTTP header is set with no-cache, no-store, must-revalidate, private, and the pragma HTTP header is set with no-cache.",
View Full Code Here

              if (type != null && type.equalsIgnoreCase("PASSWORD")) {
               
                autoComplete = inputElement.getAttributeValue("AUTOCOMPLETE");
                if (autoComplete == null || ! autoComplete.equalsIgnoreCase("OFF")) {
                 
                  Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
                    "Password Autocomplete in browser");
                    alert.setDetail(
                      "AUTOCOMPLETE attribute is not disabled in HTML FORM/INPUT element containing password type input.  Passwords may be stored in browsers and retrieved.",
                      msg.getRequestHeader().getURI().toString(),
                      inputElement.getName(),
                      inputElement.toString(),
                      "",
View Full Code Here

      this.raiseAlert(msg, id, null);
    }
  }
 
  private void raiseAlert(HttpMessage msg, int id, String xssHeaderProtection) {
    Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,  getName());
    alert.setDetail(
          Constant.messages.getString("pscanrules.xss-protection.desc"),
              msg.getRequestHeader().getURI().toString(),
              "",            //parameter
              "",           //attack
              Constant.messages.getString("pscanrules.xss-protection.extrainfo"),    //other info
View Full Code Here

      }
    }
  }

  private void raiseAlert(HttpMessage msg, int id, String xFrameOption, boolean isXFrameOptionsMissing) {
    Alert alert = new Alert(getPluginId(), Alert.RISK_MEDIUM, Alert.WARNING,
          getName());
          alert.setDetail(
            getDescription(isXFrameOptionsMissing),
              msg.getRequestHeader().getURI().toString(),
              xFrameOption,
              "",
              "",
View Full Code Here

    // Internal service method for alert management
    private void raiseAlert(HttpMessage msg, int id, String evidence) {
        // Raise an alert according to Passive Scan Rule model
        // description, uri, param, attack, otherInfo,
        // solution, reference, evidence, cweId, wascId, msg
        Alert alert = new Alert(getPluginId(), getRisk(), Alert.WARNING, getName());
        alert.setDetail(
                getDescription(),
                msg.getRequestHeader().getURI().toString(),
                "N/A",
                evidence,
                "",
View Full Code Here

TOP

Related Classes of org.parosproxy.paros.core.scanner.Alert

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.